Channels

Services

The unintended kill switch in Bind

The developers of the Bind server software have warned of a security problem that could prevent DNS servers from responding to requests. This is a serious problem, as many of the central DNS servers on the internet use Bind, and hardly anything works without domain name resolution. However, the developers say that no public exploits have so far been found.

A domain's master servers are vulnerable while they are performing an incremental zone transfer (IXFR) – a type of DNS zone transfer – or a dynamic update. The relevant security advisory lists versions 9.7.1-9.7.2-P3 as being affected; the suggested solution is to upgrade to Bind 9.7.3. Running the server with only one worker thread is a potential workaround. The US-CERT recommends that administrators who operate an affected server upgrade to the new version.